unl0kr: don't add extra deps to user's PATH
parent
73f5c9608e
commit
8cb73687ce
|
@ -807,6 +807,8 @@ in
|
|||
sequoia.sandbox.whitelistPwd = true;
|
||||
sequoia.sandbox.autodetectCliPaths = true;
|
||||
|
||||
shadow.sandbox.enable = false; #< `login` can't be sandboxed, since it starts an interactive user session
|
||||
|
||||
shattered-pixel-dungeon.buildCost = 1;
|
||||
shattered-pixel-dungeon.persist.byStore.plaintext = [ ".local/share/.shatteredpixel/shattered-pixel-dungeon" ];
|
||||
shattered-pixel-dungeon.sandbox.method = "bwrap";
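Review bot: `shadow.sandbox.enable = false;` switches sandboxing off for the whole `shadow` program entry, but the trailing comment justifies it only for `login`. If that entry also covers the package's other binaries (not visible from this hunk), they would lose their sandbox too. Consider saying so in the comment, for example by appending `N.B.: this disables the sandbox for every binary provided by shadow, not just login`, so the wider scope is a recorded decision.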
|
||||
|
|
|
@ -9,13 +9,12 @@ let
|
|||
};
|
||||
launcher = pkgs.writeShellApplication {
|
||||
name = "unl0kr-login";
|
||||
runtimeInputs = [
|
||||
# TODO: since this invokes `login`, adding these deps to PATH is questionable
|
||||
cfg.package
|
||||
pkgs.shadow
|
||||
redirect-tty
|
||||
];
|
||||
text = ''
|
||||
extraPath=/run/current-system/sw/bin:/bin:${lib.makeBinPath [ cfg.package config.sane.programs.shadow.package redirect-tty ]}
|
||||
locate() {
|
||||
PATH=$PATH:$extraPath command -v "$1"
|
||||
}
|
||||
|
||||
# TODO: make this more robust to failure.
|
||||
# - if `unl0kr` fails, then the second `redirect-tty` sends a newline to `login`, causing it to exit and the service fails.
|
||||
# - if `redirect-tty` fails, then... the service is left hanging.
|
||||
|
@ -25,8 +24,12 @@ let
|
|||
# but modified to not leak pword to CLI
|
||||
# - implement some sort of watchdog (e.g. detect spawned children?)
|
||||
# - set a timeout at the outer scope (which gets canceled upon successful login)
|
||||
bash -c 'redirect-tty "/dev/${tty}" unl0kr ; sleep 2 ; redirect-tty "/dev/${tty}" echo ""' &
|
||||
login -p ${cfg.config.user}
|
||||
PATH=$PATH:$extraPath sh -c 'redirect-tty "/dev/${tty}" unl0kr ; sleep 2 ; redirect-tty "/dev/${tty}" echo ""' &
|
||||
|
||||
# N.B.: invoke `login` by full path instead of modifying `PATH`,
|
||||
# because we don't want the user session to inherit the PATH of this script!
|
||||
_login="$(locate login)"
|
||||
"$_login" -p ${cfg.config.user}
|
||||
'';
|
||||
};
|
||||
in
|
||||
|
@ -82,6 +85,10 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
suggestedPrograms = [
|
||||
"shadow" #< for login
|
||||
];
|
||||
|
||||
fs.".profile".symlink.text = lib.mkMerge [
|
||||
(lib.mkBefore ''
|
||||
# setup primarySessionCommands here and let any other nix config populate it later
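Review bot: `_login="$(locate login)"` searches the inherited `$PATH` first and `$extraPath` only afterwards, and `$extraPath` itself begins with `/run/current-system/sw/bin:/bin`. The binary that performs authentication is therefore whichever `login` comes first in the service's environment, not necessarily the configured shadow package. The package is already known at evaluation time, so it can be pinned directly: `_login=${config.sane.programs.shadow.package}/bin/login`. The same ordering applies to `redirect-tty` and `unl0kr` in the `sh -c` line, where `PATH=$extraPath:$PATH` would let the pinned packages take precedence. The `launcher` script text spans several hunks, and the lines between them are not shown here.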
|
||||
|
|